package com.boarsoft.boar.gateway.weixin.common.http;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.boarsoft.boar.gateway.wechat.common.WechatConfig;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.TrustManagerFactory;


/**
 * 自定义一个TrustManager方法，实现X509TrustManager接口，用来加载证书库，并当前证书是否被信任
 * @author duys
 * @version 2013-08-03
 */
public class WeixinX509TrustManagerNew implements javax.net.ssl.TrustManager {

	/**
	 * X.509类型的TrustManager
	 */
    private static X509TrustManager sunJSSEX509TrustManager;
    private static SSLSocketFactory SSLSocketFactory = null;

    private static Logger log = LoggerFactory.getLogger(WeixinX509TrustManagerNew.class);
    
	  static
	  {
	    try
	    {
	      SSLContext tSSLContext = SSLContext.getInstance("TLS");

	      TrustManagerFactory tTrustManagerFactory = TrustManagerFactory.getInstance("SunX509");
	      KeyStore tKeyStore = KeyStore.getInstance("JKS");
	      String keystoreFile = WechatConfig.getProperty("weixin.keystore.filePath");
	      String keystorePassword = WechatConfig.getProperty("weixin.keystore.filePath");
//	      String wxConfFile="D:\\work\\workspace\\dy-kf\\dyccbGateway\\WebContent\\WEB-INF\\wx_server.keystore";
	      
	      FileInputStream kis=new FileInputStream(keystoreFile);
	      tKeyStore.load(kis, keystorePassword.toCharArray());
	      tTrustManagerFactory.init(tKeyStore);
	      TrustManager[] tTrustManager = tTrustManagerFactory.getTrustManagers();
	     
	      tSSLContext.init(null, tTrustManager, null);
	  
	      /************测试用，信任任意库***********/
//	      TrustAnyTrustManager tatm=new TrustAnyTrustManager();
//	      tSSLContext.init(null, new TrustManager[]{tatm}, null);

	      SSLSocketFactory = tSSLContext.getSocketFactory();
	      
	      for (int i = 0; i < tTrustManager.length; i++) {
	            if (tTrustManager[i] instanceof X509TrustManager) {
	                sunJSSEX509TrustManager = (X509TrustManager) tTrustManager[i];
	                break;
	            }
	        }
	      kis.close();
	    }
	    catch (Exception e) {
	    	log.error("初始化KEYSTORE失败", e);
	    }
	  }
	  
    /**
     * 校验客户端证书是否被信任
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
//        try {
//            sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
//        } catch (CertificateException excep) {
//        	throw excep;
//        }
    }
    
    /**
     * 校验服务器端证书是否被信任
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
//        try {
//            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
//        } catch (CertificateException excep) {
//        	throw excep;
//        }
    }
    
    /**
     * 返回接受的发行商数组
     */
    public X509Certificate[] getAcceptedIssuers() {
//        return sunJSSEX509TrustManager.getAcceptedIssuers();
        return null;
    }
    
    public static SSLSocketFactory getSSLSocketFactory() {
		return SSLSocketFactory;
	}
    
    
}
